Websites အားနည်းချက် တွေကို အော် တို ရှာပေးသော Tool

 MagicRecon: Fast, simple and effective Automation Tool 2024

Tool Download : https://github.com/robotshell/magicRecon

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

With Magic Recon you can perform passive and active reconnaissance, vulnerability analysis, subdomain scan and many more!

Main features 💥

  • Save the results in an organized way in different formats.
  • Subdomain enumeration.
  • Check if the domains are alive.
  • Get whois information about every subdomain.
  • Get dns information about every subdomain.
  • Extract the technologies used in the domain.
  • Get information about the certificate used in the domain .
  • Take a screenshot on the domain.
  • Searches for emails on the domain, users and more things.
  • Enumerate public resources in AWS, Azure, and Google Cloud.
  • Search juicy information via GitHub Dorks.
  • Check all entrys in robots.txt file.
  • Get all endpoints on the web.
  • Perform a parameter scan.
  • Perform a port scan to discover open ports.
  • Perform a dirsearch to find directories and files.
  • Check if is possible to bypass 403 HTTP status code.
  • Perform a massive recon and vulnerability scan via Nuclei every X seconds.
  • Search missing security headers.
  • Check if the domain is vulnerable to Email spoofing.
  • Check if the domain is vulnerable to Subdomain takeover.
  • Check if the domain is vulnerable to Cross-Origin Resource Sharing (CORS).
  • Check if different endpoints are vulnerable to CSRF.
  • Look for entry points in the URL and check if it is vulnerable to Open Redirect.
  • Look for entry points in the URL and check if it is vulnerable to Cross-site scripting (XSS).
  • Look for entry points in the URL and check if it is vulnerable to SQL Injection (SQLi).
  • Look for entry points in the URL and check if it is vulnerable to Server-side request forgery (SSRF).
  • Search all JS files in the domain and perform a scan for API Keys, access tokens, endpoints, etc.
  • Check if the domain use a CMS and scan it.
  • And many more...

Installation 🔨
$ git clone https://github.com/robotshell/magicRecon
$ cd magicRecon
$ chmod +x install.sh
$ ./install.sh

Example Usage 🙊

All:

./magicrecon.sh -d domain.com -a

Passive reconnaissance to a list of domains:

./magicrecon.sh -l domainlist.txt -p

Active reconnaissance to a domain:

./magicrecon.sh -d domain.com -x

Full reconnaissance:

./magicrecon.sh -d domain.com -r

Full reconnaissance and vulnerabilities scanning:

./magicrecon.sh -d domain.com -r -v

Full reconnaissance and vulnerabilities scanning to a wildcard:

./magicrecon.sh -w domain.com 

Massive reconnaissance and vulnerabilities scanning:

./magicrecon.sh -w domain.com -m 

Post a Comment

Previous Post Next Post